[MDEV-36579] a null pointer dereference in the my_decimal::to_binary() function, located in sql/my_decimal.cc at line 206. - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Cannot Reproduce
Affects Version/s: 11.4.0
Fix Version/s: N/A
Component/s: Server
Labels:
None
Environment:
ubuntu20.04, x86

Bug Category:
Not for Release Notes

Description

This MariaDB vulnerability arises from a null pointer dereference in the my_decimal::to_binary() function, located in sql/my_decimal.cc at line 206. The crash occurs because this is nullptr, yet the function attempts to call my_decimal2decimal(this, &rounded) without checking for null. This issue can be triggered during sorting operations (filesort.cc) on decimal fields, potentially leading to a segmentation fault and denial-of-service (DoS) via crafted SQL input.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

gdbcheck_bug1748.log
2025-04-13 09:05
9 kB
yx
bug1748.sql
2025-05-25 12:50
0.4 kB
yx

Activity

People

Assignee:: Unassigned

Reporter:: yx

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-04-13 09:05

Updated:: 2025-06-17 18:04

Resolved:: 2025-06-17 18:04

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.